Procedures for Vulnerability Assessment (Windows Only)
Project: Vulnerability Assessment using Tenable Nessus Essentials
Student Name: Oswald Eyram Toku
Instructor: Dr. Noah Darko-Adjei
Date: 10
th
November 2025
1. Introduction
This document outlines the practical steps used to perform a vulnerability assessment using
Tenable Nessus Essentials on a Windows system. It includes installation, software integrity
verification, network and host scans, custom scan policy configuration, and exporting scan
results.
2. System Requirements (Windows)
Requirement
Description
Operating System
Windows 10 / 11
Permissions
Administrator’s rights required
Network Access
Internet connection required for plugin
updates
Browser
Chrome, Edge, or Firefox
3. Installing Nessus Essentials (Windows)
1. 1. Visit the official Nessus Essentials download page.
2. 2. Download the Windows Installer (exe).
3. 3. Locate the installer in the Downloads folder.
4. 4. Double-click the installer to begin setup.
5. 5. Accept the license agreement and proceed with default installation settings.
6. 6. Once installation is completed, Nessus will automatically start.
7. 7. Open a browser and enter: https://localhost:8834
8. 8. Select Nessus Essentials, enter activation code, and allow plugin download to complete.
4. Verifying Installer Integrity (MD5 Hash)
Purpose: To confirm the downloaded Nessus installer has not been altered or corrupted by
comparing the installer’s MD5 hash with the official MD5 provided by Tenable.
Steps:
1. I Obtained the official MD5 hash of the installer from the Tenable download page. This is
shown in Figure 1.1 below.
Figure 1.1
2. Then I located winMD5 on my pc and I launched I. As shown in Figure 1.2 below.
Figure 1.2
3. In the WinMD5 GUI, I Pasted the original hash function in the section designated for it. And
this is shown below in Figure 1.3
Figure 1.3
4. Then I selected newly installed file of Nessus Essentials and proceeded to verify. The result
was a match indicating that there was no comprise. This is shown below in Figure 1.4.
Figure 1.4
5. Network Scan Procedure
The purpose of performing a network scan is to identify all active devices, open ports, running
services, and potential vulnerabilities across the network. This helps in understanding the
overall security posture of the network environment before performing more targeted or host-
level assessments. The network scan provides visibility into what systems are present, how they
communicate, and whether any exposed services or configurations may be exploited by
attackers. By discovering these systems and services, the organization can proactively secure
weak points, reduce attack surface, and prioritize remediation based on risk.
1. Open Nessus Web UI: https://localhost:8834. This is shown below in Figure 2.1.
2. Select new scan and among the options select basic network scan. As shown below in Figure
2.2
3. In basic network scan window, provide a name and description for the scan. This is shown
below in Figure 2.3.
4. In Targets, enter your network range (example: 192.168.1.0/24). As shown below in Figure 2.3
5. Navigate to Settings →Discovery Enumeration, change to Custom. As shown below in
Figure 2.4
6. Save and navigate to My scans and launch the newly configured network scan. This is shown
below in Figure 2.5
7. You select the basic network scan result then you navigate to report and the format you want
the report to be generated in. In my case I selected CSV and in CSV window you select your
preferred requirement, and you proceed to generate the report. This is shown below in
Figure 2.6
Figure 2.1
Figure 2.2
Figure 2.4
Figure 2.5
Figure 2.6
6. Host Scan Procedure
The purpose of a host scan is to perform a detailed, in-depth assessment of a specific system to
identify vulnerabilities, misconfigurations, missing patches, weak services, and security risks
present on that individual machine. Unlike a network scanwhich provides a broad overview of
all devices on the networka host scan focuses on one system at a deeper level, including its
installed applications, running processes, open ports, system registry, patch status, and user
account configurations.
This allows security teams to understand the exact weaknesses affecting that system and to
prioritize targeted remediation actions based on severity and potential impact.
1. From Nessus homepage, you select new scan and in the new scan option you select Host
discovery.
2. Then you follow the same procedures demonstrated in the network scan.
7. Creating a Custom Scan Policy
1. From the Nessus homepage, navigate to the Resources section and select Policies and select
new policy. As shown in Figure 3.1
2. Click on Advanced Scan to create a new custom scan policy. This is shown in Figure 3.2
3. Enter a name and description of the policy to identify its purpose. This is shown in Figure 3.3
4. In the Targets field, enter the IP address of the host or network you intend to scan. As shown
in Figure 3.4
5. Navigate to the Settings tab and configure the scanning parameters as required (e.g., scan
performance, discovery settings, credential settings, and port scanning options)
6. Go to the Plugins tab and enable or disable the plugins you want to include in the scan based
on your objectives. As shown in Figure 3.5
7. Click Save to store the custom policy.
8. To run the scan, go back to My Scans, select the newly created policy, and launch the scan.
Refer to chapter five for the rest of the steps.
9. Once the scan is completed, open the scan results and analyze the findings.
10. To export the results, click the Report button, choose the desired format (in this case, CSV),
and generate the report.
11. Save the exported CSV report for documentation and analysis.
Figure 3.1
Figure 3.2
Figure 3.3
Figure 3.4
Figure 3.5
8. Exporting and Sorting Scan Results
Steps to export CSV:
1. Open completed scan results.
2. Click Export → Select CSV.
3. Save the file. Refer to chapter 5 for step one to three.
4. Open the CSV in Excel.
5. Sort vulnerabilities by Severity. As shown in Figure 4.1
Figure 4.1
9. Screenshot Submission Checklist
Step
Screenshot Required
Completed (Y/N)
Installer download
Yes
Installation progress
Yes
Activation & UI access
Yes
MD5 verification
Yes
Network Scan setup
Yes
Host Scan setup
Yes
Custom Policy screen
Yes
CSV export & severity sort
Yes
End of Procedures Document.
Windows Vulnerability Assessment Executive Report
Prepared by: Oswald Eyram Toku
Tool: Tenable Nessus Essentials
Scan Date: 2025-11-10
1. Introduction
This report documents the results of a vulnerability assessment performed against Windows
host(s) using Tenable Nessus Essentials. The emphasis is on technical findings, exploitability, and
remediation guidance that IT teams can implement to reduce risk.
2. Scope & Methodology
Scope:
- Targets: Windows hosts in the lab/network (examples: workstations, servers).
- Scan Types: Network discovery scans, host-level (credentialed) scans and custom policy scan.
Methodology Summary:
- Nessus scan(s) launched using a custom policy with Enumeration set to Custom.
- Credentialed Windows checks were enabled where administrator credentials were available to
reveal configuration/patch gaps.
- Results exported to CSV for triage and prioritization.
3. High-Level Results (Summary)
The scan results used in this report assume the following counts (replace with real scan counts
after lab run):
Severity
Count
Critical
500
High
20
Medium
15
Low
25
Total
560
4. Technical Findings (Representative)
Below are representative technical findings that typically appear in Windows-focused scans. For
each finding, capture the Nessus Plugin ID, affected host(s), CVSSv3 score, and the plugin
synopsis/solution.
Plugin ID
Vulnerability /
Title
Affected Host(s)
CVSSv3
Suggested
Remediation
12345
Remote Code
Execution in
Service X
192.168.1.10
9.8
Apply vendor
patch/upgrade
service
immediately
23456
Unpatched
SMBv1 enabled
192.168.1.12
7.5
Disable SMBv1,
apply security
updates
34567
Weak/Default
Credentials on
RDP
192.168.1.20
8.2
Enforce strong
passwords and
enable MFA,
restrict network
access
5. Exploitability and Risk Prioritization
Prioritization criteria used:
- Exploitability (remote vs local)
- Asset criticality (internet-facing, contains sensitive data)
- CVSS and proof-of-concept availability
Focus remediation on vulnerabilities that are both high-severity and remotely exploitable first.
6. Remediation Recommendations (Technical Steps)
9. Critical (Immediate - within 24 hours)
- Identify each affected host and isolate from network segments if a patch cannot be applied
immediately.
- Apply vendor patches or updates. For Windows hosts, use WSUS/Windows Update or vendor-
specific patches.
- If patching is impossible, implement compensating controls (restrict access via firewall, disable
vulnerable services).
- Rescan hosts after remediation to verify fixes.
10. High (37 days)
- Schedule and apply patches during approved maintenance windows.
- Address configuration issues (e.g., disable unnecessary services, enforce secure settings).
- Harden authentication: enforce complex passwords and deploy MFA for privileged accounts.
11. Medium (14 days)
- Plan and apply updates, track via ticketing system.
- Review and tune intrusion detection/prevention rules for the affected services.
12. Low (30 days)
- Evaluate and schedule non-urgent updates and configuration changes.
7. Verification and Validation Procedures
After remediation, perform the following to validate fixes:
1. Re-run the same Nessus scans using the identical policy and targets.
2. Confirm the specific Plugin ID(s) no longer appears for the remediated host(s).
3. Capture screenshots of the rescans and updated Executive Summary.
4. Maintain a remediation log: Plugin ID, Host, Action taken, Date, Verifier.
8. Remediation Policy & SLA (Recommended)
Severity
Proposed SLA
Actions Required
Owner
Critical
Within 24 hours
Patch or isolate;
emergency change
control
IT Ops / Sysadmin
High
37 days
Patch or apply
mitigations; schedule
maintenance
IT Ops
Medium
14 days
Plan and patch
during maintenance
window
IT Ops / App Owner
Low
30 days
Schedule and apply
as part of routine
updates
IT Ops
9. 30-Day Implementation Plan (Technical)
Timeline
Activities
Days 01
Triage critical vulnerabilities; isolate systems
if necessary.
Days 27
Apply patches for Critical & High items; verify
with rescans.
Days 814
Address Medium vulnerabilities and apply
configuration hardening.
Days 1530
Resolve Low items, deploy automation for
patching, enable continuous scanning.
10. Appendix A Evidence & Artifacts
Attach or reference the following generated artifacts:
- nessus_scan_results_<date>.csv
- nessus_exec_summary_<date>.pdf
- Screenshots: see Procedures screenshot checklist (installer, MD5, scan runs, CSV export,
executive summary)
Ensure all filenames and timestamps are included when submitting.
11. Appendix B Useful Commands / Remediation Examples
Windows Commands / Tips:
- Compute MD5 (Windows PowerShell / certutil): certutil -hashfile C:\Path\To\Nessus-
Installer.exe MD5
- Check Windows Update status: Get-WindowsUpdateLog (or use WUA API / WSUS
management)
- Disable SMBv1 via PowerShell: Set-SmbServerConfiguration -EnableSMB1Protocol $false
Remediation verification:
- After patching, rerun the Nessus scan and verify Plugin IDs are resolved.
End of Executive Report.